From 2311e5c4eab2db129508e72d6962dddf101744b7 Mon Sep 17 00:00:00 2001
From: Felix Geyer <debfx@fobos.de>
Date: Wed, 3 Sep 2014 21:52:03 +0200
Subject: [PATCH] apparmor: allow reading cap_last_cap

libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.

Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 examples/apparmor/libvirt-qemu | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 83814ecf56..c6de6dd77c 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -1,4 +1,4 @@
-# Last Modified: Fri Mar 9 14:43:22 2012
+# Last Modified: Wed Sep 3 21:52:03 2014
 
   #include <abstractions/base>
   #include <abstractions/consoles>
@@ -21,6 +21,7 @@
   /dev/ptmx rw,
   /dev/kqemu rw,
   @{PROC}/*/status r,
+  @{PROC}/sys/kernel/cap_last_cap r,
 
   # For hostdev access. The actual devices will be added dynamically
   /sys/bus/usb/devices/ r,
-- 
2.47.2